Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My hijack log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My hijack log file

Unread postby i952ftn » September 30th, 2006, 1:45 am

I need you to check my log file, please. My problem is when I turn on the computer and Windows starts, it doesn't show icons and start menu. I can only see a background and a mouse pointer. The only thing I can work with is the task manager. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 12:55:51, on 29.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Instalacije\ZoneAlarm\zlclient.exe
C:\WINDOWS\eHome\ehmsas.exe
D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Instalacije\Download-ovi\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [\\antika\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "\\antika\EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Instalacije\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kav] "D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe"
O4 - HKCU\..\Run: [BitTorrent] "D:\Instalacije\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Clean Traces - D:\Instalacije\Download Accelerator 8.0\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Instalacije\Download Accelerator 8.0\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Instalacije\Download Accelerator 8.0\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Instalacije\Kaspersky Anti-virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7394366812
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe" -r (file missing)
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
i952ftn
Active Member
 
Posts: 3
Joined: September 29th, 2006, 4:27 pm
Advertisement
Register to Remove

Unread postby SpotCheckBilly » September 30th, 2006, 8:35 pm

Hello i952ftn,

Welcome to the MRU forums. 8)

I see that you are using Download Accelerator Plus. This program has a dubious reputation as you can read Here

A free, and spyware free, alternative is Star Downloader, or one of the other alternatives from Here.

Should you choose to remove it, uninstall it through Control Panel=>Add/Remove Programs.

Now, Download and Install: Ewido Anti-Spyware 4.0.
Once installed, please make the following settings changes:
  • Under the Status menu (which opens by default), under "Your Computer's Security," Change Status on Resident Guard to Inactive
  • Click Update Now
  • Under the now-opened Update menu, uncheck "Download and Install Updates Automatically (Recommended)"
  • Click Scanner in the top bar
  • Click the Settings tab
    • Under "How To Act?" set "Default Action for Detected Malware" to Quarantine
    • Under "How to Scan" ALL boxes should be checked
    • Under "What to Scan," "Scan every file" should be highlighted
    • Under "Possibly Unwanted Software" ALL boxes should be checked
  • Under Reports select "Automatically generate report after every scan" and uncheck "Only if threats were found"
  • Do NOT scan yet: We'll do so shortly.
  • Exit ewido.
Reboot into Safe Mode:
  • Restart your computer
  • Contiunally tap F8 until a menu appears.
  • Use your up/down arrow key to highlight Safe Mode.
  • Hit enter.
Please close ALL open windows/programs/folders. Have nothing else open as it can interfere with ewido while performs its scan!

Run the Ewido Scan
  • Click on the Scan Tab
  • Click on Complete System Scan
  • Let the program scan the machine -- it can take a while, just give it time.
  • When scan has finished, at bottom of screen click Apply all Actions
  • Click Save Report
  • Click Save Report As ("Save As" window should pop up.)
  • Click Desktop
  • Click Save
  • Exit ewido
Next, run HiJackThis and click "Scan", then check(tick) the following, if present:

O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll (file missing)

O8 - Extra context menu item: &Clean Traces - D:\Instalacije\Download Accelerator 8.0\DAP\Privacy Package\dapcleanerie.htm <--NOTE: only if you decided to remove DAP.
O8 - Extra context menu item: &Download with &DAP - D:\Instalacije\Download Accelerator 8.0\DAP\dapextie.htm <--NOTE: only if you decided to remove DAP.
O8 - Extra context menu item: Download &all with DAP - D:\Instalacije\Download Accelerator 8.0\DAP\dapextie2.htm <--NOTE: only if you decided to remove DAP.

With all windows closed except HiJackThis, click "Fix checked".

In your next reply, please include:
  • The report from ewido.
  • a new Hijackthis log.
:wave:

SpotCheckBilly
User avatar
SpotCheckBilly
MRU Master
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

did that

Unread postby i952ftn » October 1st, 2006, 2:32 am

Windows started normally 3 times in a row, and it is working properly now. I can't tell if everything will be ok, I hope it will. I didn't find any of files you told me to fix in HJT, probably because I deleted DAP, but I did't find the first file, too. Here are the reports from both programs you aked for. Check them, please, and tell me if something is wrong. Thanks for your help!
-----------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:01:39 30.9.2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Cleaned with backup (quarantined).
HKU\S-1-5-21-2626063797-3828294092-534543727-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\ReljaGros\Cookies\reljagros@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Oewabox : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\ReljaGros\Application Data\Mozilla\Firefox\Profiles\b0bg4thl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


saved at 23:12:11, on 30.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Instalacije\Download-ovi\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [\\antika\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "\\antika\EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Instalacije\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kav] "D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Instalacije\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "D:\Instalacije\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Instalacije\Kaspersky Anti-virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7394366812
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Instalacije\Kaspersky Anti-virus 6.0\avp.exe" -r (file missing)
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Instalacije\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
i952ftn
Active Member
 
Posts: 3
Joined: September 29th, 2006, 4:27 pm

Unread postby SpotCheckBilly » October 1st, 2006, 5:23 pm

Hello i952ftn,

Congratulations! Your log looks clean - good work!

Below is my standard "Final Cleanup" and "All Clean" speech. Included in it are tips on how to keep your computer from being reinfected. They are simple to set up and simple to maintain, and I HIGHLY recommend that you follow them. (I use every one.)

Download and scan with CCleaner
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.

Before first use:Sselect Options=>Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Select the items you wish to clean up.

A note regarding cookies: CCleaner allows you to keep the cookies from selected sites such as those which use cookies to save your login information.

From the main screen:
  • Click Options=>Cookies.
  • Highlight the web sites you wish to keep.
  • Click "->" button.
  • Click Cleaner button to return to main screen.
  • Windows tab:
    **Internet Explorer** header:
  • Select everything .
    **Windows Explorer** header:
  • Select all
    **System** header:
  • Select all
  • Advanced tab:
  • Select all entries
  • Select any others that you choose.
  • Applications tab:
    **Firefox/Mozilla header** (if you use it).
  • Select all
    **Opera** header (if you use it).
  • Select all
    **Internet** header.
  • Select Sun Java
  • Select any others thatyou choose.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • Click the "Run Cleaner" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK"
  • CCleaner will scan and clean your system.
  • When cleaning is complete:
  • Click "Exit".
  • Repeat for all usernames.
You can also go ahead and delete all the files that ewidoput into quarantine.

If everything is running ok, let's do the final cleanup...

1. Run "Disk Cleanup" and allow it to remove everything it finds.

2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.

Please skip this step 3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". Follow on-screen prompts.

4. Disable, then reenable System Restore; with a reboot in-between. Then immediately create a new system restore point manually.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster => SpywareBlaster will prevent spyware from being installed.
  • Spywareguard => SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware
To protect yourself further:
  • IE/Spyad => IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file => The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar => Get the free google toolbar to help stop pop up windows.
  • Use a Firewall => I can not stress enough how important it is that you use a Firewall on your computer. For an excellent article on Firewalls, why you should use one and a some of those available, see Computer Safety On line - Software Firewalls. I recommend ZoneAlarm or Sunbelts Kerio. ZoneAlarm is more user-friendly, but Sunbelts Kerio is considered more secure.
  • UPDATE!-UPDATE!-UPDATE! => This is, without a doubt, THE MOST IMPORTANT element in keeping your computer free of malware. Keep each and every one of your anti-malware tools AND Windows up-to-date with all current definitions and patches.
I also suggest that you delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
  • C:\WINDOWS\Temp\--->Everything After the \.
  • C:\Temp\--->Everything After the \.
  • C:\Documents and Settings\username\Local Settings\Temp\--->Everything After the \.
  • Repeat for all users.
Also delete your Temporary Internet Files and cookies:
  • Click Start=>Control Panel=>Internet options.
  • Under the Generaltab.
  • Click Delete Files button.
  • Place a check-mark in Delete all off-line content.
  • Click OK
  • Click Delete Cookies
  • Click OK=>OK
  • Exit Control Panel
  • Repeat for all users.
In Firefox:
  • Click Tools=>Options=>Privacy icon.
  • Click Cache tab.
  • Click Clear Cache button.
  • Click Cookies tab.
  • Click Clear Cookies Now button.
  • Click OK
  • Repeat for all users.
Empty the recycle bin:
  • Right-click the Recycle Bin icon on your desktop.
  • Select "Empty Recycle Bin".
  • Repeat forall users.
Note: You can also do the above steps using a program such as CCleaner.
PLEASE NOTE: The above steps should be done on a regular basis.

Also, please see: So how did I get infected in the first place?

****** PLEASE READ ******
it is very rewarding to see that your computer is clean. Now we urge you to stand up and be counted! Document your experience, and by doing so, launch a complaint against the makers of malware. You can make a difference. Click on the Malware Complaints icon in my signature and support our cause.

If you are having any more problems, post back the description along with a fresh HijackThis log. :wave:

SpotCheckBilly
User avatar
SpotCheckBilly
MRU Master
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Thanks

Unread postby i952ftn » October 5th, 2006, 2:22 am

Thanks for help! Just one more thing. Which scans should I do on regular basis besides antivirus scan, of course? CCleaner, maybe?, or any other program you suggested in previous reply?
i952ftn
Active Member
 
Posts: 3
Joined: September 29th, 2006, 4:27 pm

Unread postby SpotCheckBilly » October 5th, 2006, 5:47 pm

Hello i952ftn,

I recommend regular scans with Spybot Seartch & Destroy and Ad-Aware SE 1.06 in addition to regular cleanup of temp files (either manually or using CCleaner). Probably more importantly, make sure everything is always up-to-date. Programs cannot protect you if they are not updated. This includes nonactive programs such as Spywareblaster IE-SPYAD. They are both updated on a regular basis, so check often.

The fact that you use Firefox should help to keep your machine clean as well, since it doesn't support ActiveX (one of the most common banes of Internet Explorer). The only time I ever use Internet Explorer is to do Windows Updates or online scans such as Panda, Kaspersky, etc..

FYI, since researching Hijackthis logs often takes me to undesirable sites, I do scans with Ad-Aware SE 1.06 and Spybot Seartch & Destroy twice a week. Depending on your surfing habits, you probably don't have to do them that frequently (unless YOU frequently visit undesirable sites LOL)

Safe surfing :wave:

SpotCheckBilly
User avatar
SpotCheckBilly
MRU Master
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Unread postby NonSuch » October 5th, 2006, 6:27 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27226
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware